CVE-2017-14362 – MFSBGN03793 rev.1 - Project and Portfolio Management Center, Multiple vulnerabilities
https://notcve.org/view.php?id=CVE-2017-14362
Cross-Site Request Forgery vulnerability in Micro Focus Project and Portfolio Management Center, version 9.32. This vulnerability could be exploited to allow a Cross-Site Forgery attack. • http://www.securitytracker.com/id/1040088 https://softwaresupport.softwaregrp.com/document/-/facetsearch/document/KM03014426 • CWE-352: Cross-Site Request Forgery (CSRF)
CVE-2017-14355 – HP Connected Backup 8.6/8.8.6 - Local Privilege Escalation
https://notcve.org/view.php?id=CVE-2017-14355
A potential security vulnerability has been identified in HPE Connected Backup versions 8.6 and 8.8.6. The vulnerability could be exploited locally to allow escalation of privilege. HP Connected Backup versions 8.6 and 8.8.6 suffer from a local privilege escalation vulnerability. • https://www.exploit-db.com/exploits/43857 http://seclists.org/bugtraq/2017/Oct/23 http://www.securityfocus.com/bid/101270 https://softwaresupport.hpe.com/document/-/facetsearch/document/KM02987868
CVE-2017-9273
https://notcve.org/view.php?id=CVE-2017-9273
The Bi-directional driver in IDM 4.5 before 4.0.3.0 could be susceptible to unauthorized log configuration changes. • https://download.microfocus.com/Download?buildid=SRL-_pc5pR8
CVE-2017-9272
https://notcve.org/view.php?id=CVE-2017-9272
The Bi-directional driver in IDM 4.5 before 4.0.3.0 could be susceptible to a denial of service attack. • https://download.microfocus.com/Download?buildid=SRL-_pc5pR8 • CWE-20: Improper Input Validation
CVE-2017-9282 – Micro Focus VisiBroker C++ 8.5 SP2 Memory Corruption
https://notcve.org/view.php?id=CVE-2017-9282
An integer overflow (CWE-190) led to an out-of-bounds write (CWE-787) on a heap-allocated area, leading to heap corruption in Micro Focus VisiBroker 8.5. The feasibility of leveraging this vulnerability for further attacks was not assessed. Micro Focus VisiBroker C++ version 8.5 SP2 suffers from multiple memory corruption vulnerabilities. • https://community.microfocus.com/microfocus/corba/visibroker_-_world_class_middleware/w/knowledge_base/29171/visibroker-8-5-service-pack-4-hotfix-3-security-fixes • CWE-190: Integer Overflow or Wraparound